There is a great module for improving access modules collaboration - Module Grants. This module changes drupal's node access logic from OR to AND. So, permission for user to do some operation on some node will be given only if all access modules will allow it.
I'm tried to make Content Access and Workflow modules work together with AND logic. But Content Access uses drupal's built-in permission and this cause some problems.
Look into node_access() function (Module Grants replacement for this function is little different, but this part is the same).
// ... some standard checks ...
$module = node_get_types('module', $node);
if ($module == 'node') {
$module = 'node_content';
}
$access = module_invoke($module, 'access', $op, $node, $account);
if (!is_null($access)) {
return $access;
}
// ... proceed with module's grants ...
In most cases node_content_access() function will be used. Here part of it.
// ...
if ($op == 'update') {
if (user_access('edit any ' . $type . ' content', $account) || (user_access('edit own ' . $type . ' content', $account) && ($account->uid == $node->uid))) {
return TRUE;
}
}
if ($op == 'delete') {
if (user_access('delete any ' . $type . ' content', $account) || (user_access('delete own ' . $type . ' content', $account) && ($account->uid == $node->uid))) {
return TRUE;
}
}
// ...
As you can see, if user have update or delete permissions enabled, access will be allowed, and modules grants will be ignored.
Current implementation of Content Access not allowed to use it with another access modules. Inherently, Content Access gives only two grants: view any, view own. And this is sad.
I propose to create option for Content Access "Use built-in Drupal's permissions for edit/delete operations", which will be enabled by default.
Comments
Comment #1
Leksat CreditAttribution: Leksat commentedI have created patch for 6.x-1.2 version.
I have tested it on my site and on clean drupal installation. It works fine to me.
Comment #2
Leksat CreditAttribution: Leksat commentedI had made little change for my patch to use built-in module function instead of direct using Content Access settings.
Here new version.
Comment #3
Encarte CreditAttribution: Encarte commentedinteresting
Comment #5
Leksat CreditAttribution: Leksat commentedComment #7
Leksat CreditAttribution: Leksat commentedHmm... I don't know what wrong with patch. It saved as UTF-8 without BOM (using Notepad++).
Can anybody help?
Comment #8
gapple@Leksat, patches must be saved with UNIX line endings.
In notepad++ go to Edit -> EOL Conversion -> UNIX Format.
Comment #9
Leksat CreditAttribution: Leksat commentedThanks. Lets try again...
Comment #11
gisle